CVE-2003-1051

IBM DB2 Universal Database 8.1 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2003-1051. PoCs published by SNOSoft.

AI-analyzed exploit summary This exploit demonstrates a format string vulnerability in IBM DB2 binaries (db2govd, db2start, db2stop) that are installed setuid. A local attacker can leverage this to execute arbitrary code and escalate privileges.

Description

Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.

Exploits (3)

exploitdb WORKING POC VERIFIED
by SNOSoft · textlocallinux
https://www.exploit-db.com/exploits/23345

This exploit demonstrates a format string vulnerability in IBM DB2 binaries (db2govd, db2start, db2stop) that are installed setuid. A local attacker can leverage this to execute arbitrary code and escalate privileges.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: IBM DB2 (versions affected by CVE-2003-1051)
No auth needed
Prerequisites: Local access to the system · Presence of vulnerable IBM DB2 binaries
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by SNOSoft · textlocallinux
https://www.exploit-db.com/exploits/23344

This exploit demonstrates a format string vulnerability in IBM DB2 binaries (db2govd, db2start, db2stop) that allows local privilege escalation due to improper handling of format specifiers in command-line parameters. The PoC shows how passing format strings like %x or %n%n can trigger crashes or arbitrary memory writes, potentially leading to elevated privileges.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: IBM DB2 (versions affected by CVE-2003-1051)
No auth needed
Prerequisites: Local access to the system · Presence of vulnerable IBM DB2 binaries with setuid permissions
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by SNOSoft · textlocallinux
https://www.exploit-db.com/exploits/23346

This exploit demonstrates a format string vulnerability in IBM DB2 binaries (db2govd, db2start, db2stop) that can lead to local privilege escalation. The PoC shows how malformed input with format specifiers (%x, %n) causes segmentation faults, indicating exploitable conditions.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: IBM DB2 (versions affected by CVE-2003-1051)
No auth needed
Prerequisites: Local access to a vulnerable IBM DB2 installation · Presence of setuid binaries (db2govd, db2start, db2stop)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8989
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13633
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/343804

Scores

EPSS 0.0126
EPSS Percentile 65.8%

Details

Status published
Products (1)
ibm/db2 9.0
Published Sep 28, 2004
Tracked Since Feb 18, 2026